Q: What is the general functionality and main components of Teldat's solution?

A: Each device in the network exports traffic information to the visibility server using Netflow. All of the data is then added to a Big Data engine and presented to the user in an intuitive graphical interface with multiple filter options and visualization modes.

Q: What are the advantages of Teldat's solution compared to other Netflow collectors?

A: The Netflow standard identifies traffic based on source and destination addresses, which creates a problem because, depending on the direction of traffic, the source becomes the destination and vice versa, hindering traffic analysis and filtering. With Teldat’s solution, traffic is marked as internal and external regardless of the direction in which it is travelling. Other advantages include a powerful Big Data engine capable of complex analysis, almost instantaneous filtering, fully customizable dashboards, report and alarm options, and an intuitive user interface.

Q: What licenses are required?

A: Network devices require a Deep Packet Inspection (DPI) license to export level 7 data, but no license to export level 1-4- data. In the server: a license is needed for every device that is going to export visibility data for processing. It follows the same license model as Cloud NetManager, because both tools share the license server.

Q: What configuration is needed?

A: In remote devices you need to enable Netflow on the WAN interface and configure the Netflow parameters of the server to which traffic is to be exported. Optionally, Access Control Lists associated with route-maps and labels in the Netflow protocol to label different traffic categories and enabling level-7 application detection when there is a DPI license. In the server, optional Dashboard generation to present information according to user preferences.

Q: In which Public Cloud is deployed Teldat Visualizer?

A: Teldat Visualizer is deployed in Google Cloud, in a German Datacenter.

Q: What server deployment options are available?

A: Only a SaaS version at the moment. An on-premises version will be available shortly.

Q: Is Teldat Visualizer a scalable and reliable solution?

A: Yes, as mentioned before, Teldat Visualizer is deployed over Google Cloud Platform. Teldat Visualizer design is based on containers, so the software architecture is divided in functional blocks, and each block is deployed as a container.

This solution increases the reliability of the platform, because each container is functionally independent from the rest, so they can be individually deployed in a high availability architecture.

Additionally, the Kubernetes service allows to scale the solution by containers, so in case of overload of one of the components, it’s only needed to scale the overloaded functional block.

Q: How are the devices identified in the platform?

A: The Teldat devices are identified with the Serial Number and the Digital Verification Code (DVC), to assure that malicious devices can’t be connected to Teldat Visualizer.

Q: Is Teldat Visualizer integrated with CNM?

A: Yes, Teldat Visualizer is highly integrated in Cloud NetManager solution. Although they are deployed in different Cloud Providers, both tools share the license server, to be able to manage licenses from a unique point.

The tools share the same user hierarchy, to manage and control in different levels the group of customers.

Additionally, both share the mail server which is used to send the notifications to the users.

Q: What Protocols are used?

A: Network devices export using standard Netflow v10 (IPFIX).

Q: What is the security level for exported data?

A: Under development encrypted according to IPFIX standard interoperable procedures and soon to be available.

Q: How many different dashboards can you create and use?

A: As many as you need. There is no limit.

Q: Are there any proactive options you can use to detect specific or unusual traffic conditions?

A: You can use filters to set alarms based on traffic thresholds. The filters can work on any combination of the exported parameters and, when an alarm is triggered, the result is memorized in the system and an email alert generated as well.

Based on this notification capabilities, Teldat Visualizer will include in the future AI (Artificial Intelligence) technologies, to analyze which is the traffic pattern in a customer and send notifications when the traffic behavior is out of this pattern. This will allow to our customer to detect incidents before they affect to the service.

Q: Can you get periodic reports on network visibility?

A: Yes, you can use the report option to set up the system to automatically email dashboards periodically.

Q: What inspection possibilities are possible when SAP is used?

A: SAP’s proprietary application uses a known port (3200), so identification is easy. For SAP service mode, please see the question below on identifying public cloud applications.

Q: What inspection possibilities are possible when Citrix is used?

A: Citrix allows inspection at two levels of granularity. The first level involves identifying the different applications, while the second level involves identifying the different priority levels that may be necessary to transport application information in a single application (Citrix provides 4 priority levels: “Very High” for audio, “High” for the visual user interface, “Medium” for MediaStream, and “Low” for printers and serial/parallel ports). This last type of classification is the most interesting, since it provides greater granularity and ensures the necessary priority according to the criticality of the data transmitted. This second level is supported by the DPI license (note, it requires configuring ICA in Multi-Stream mode, which implies carrying each priority level in a separate TCP session).

A: Identifying these applications is complex because they often distribute processes between multiple connections simultaneously, connecting to a variety of IP addresses and domain names which must all be identified. For example, with Salesforce, the various provider services are identified at the IP layer, as indicated here; for Microssoft365 identification is based on domain names and IP addresses and is available here; and by and large, the information is available from the same sources and third parties, for instance, for Facebook traffic.